Cyber Resilience

CVE-2026-4113

HighUpdated

Published: 09 April 2026

Published
09 April 2026
Modified
14 May 2026
KEV Added
Patch
CVSS Score v3.1 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0010 27.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-4113 is a high-severity Observable Response Discrepancy (CWE-204) vulnerability in Sonicwall Sma6210 Firmware. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Account Discovery (T1087); ranked at the 27.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-6 (Authentication Feedback) and SI-11 (Error Handling).

Deeper analysis

CVE-2026-4113 is an observable response discrepancy vulnerability, classified under CWE-204, affecting the SonicWall SMA1000 series appliances. It enables a remote attacker to enumerate SSL VPN user credentials by exploiting differences in server responses. The vulnerability received a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low complexity, and significant impacts on confidentiality, integrity, and availability.

Exploitation requires high privileges (PR:H), meaning an attacker must already possess an authenticated account with elevated access on the appliance, such as an administrator. From a network-accessible position, the attacker can send crafted requests to the SSL VPN component, observing response discrepancies to infer valid usernames and potentially passwords or other credentials. Successful enumeration could lead to full compromise of VPN access, enabling further lateral movement or data exfiltration.

SonicWall has documented the issue in their PSIRT advisory at https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2026-0003, published on 2026-04-09, which provides further details on affected versions and recommended mitigations. Security practitioners should consult this advisory for patching instructions and workarounds to address the vulnerability.

EU & UK References

Vulnerability details

An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1087 Account Discovery Discovery
Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment.
Why these techniques?

The vulnerability directly enables enumeration of valid SSL VPN user credentials (usernames and potentially passwords) via observable response discrepancies, mapping to account discovery on the target system.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4116Same product: Sonicwall Sma6200
CVE-2025-40602Same product: Sonicwall Sma6200
CVE-2025-23006Same product: Sonicwall Sma6200
CVE-2024-53704Same vendor: Sonicwall
CVE-2026-0204Same vendor: Sonicwall
CVE-2025-23193Shared CWE-204
CVE-2025-40600Same vendor: Sonicwall
CVE-2025-40599Same vendor: Sonicwall
CVE-2018-25350Shared CWE-204
CVE-2025-12455Shared CWE-204

Affected Assets

sonicwall
sma6210 firmware
≤ 12.4.3-03387 · 12.5.0 — 12.5.0-02624
sonicwall
sma8200v
≤ 12.4.3-03387 · 12.5.0 — 12.5.0-02624
sonicwall
sma7200 firmware
≤ 12.4.3-03387 · 12.5.0 — 12.5.0-02624
sonicwall
sma7210 firmware
≤ 12.4.3-03387 · 12.5.0 — 12.5.0-02624
sonicwall
sma6200 firmware
≤ 12.4.3-03387 · 12.5.0 — 12.5.0-02624

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation requires applying vendor patches to directly eliminate the response discrepancy vulnerability in the SSL VPN component.

prevent

Authentication feedback obscures responses during credential validation to prevent enumeration via observable discrepancies.

prevent

Error handling ensures server responses do not reveal exploitable differences that enable SSL VPN credential enumeration.

References